{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T18:32:34Z","timestamp":1771957954485,"version":"3.50.1"},"reference-count":47,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2017,12,5]],"date-time":"2017-12-05T00:00:00Z","timestamp":1512432000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Archit. Code Optim."],"published-print":{"date-parts":[[2017,12,31]]},"abstract":"Secure elements widely used in smartphones, digital consumer electronics, and payment systems are subject to fault attacks. To thwart such attacks, software protections are manually inserted requiring experts and time. The explosion of the Internet of Things (IoT) in home, business, and public spaces motivates the hardening of a wider class of applications and the need to offer security solutions to non-experts. This article addresses the automated protection of loops at compilation time, covering the widest range of control- and data-flow patterns, in both shape and complexity. The security property we consider is that a sensitive loop must always perform the expected number of iterations; otherwise, an attack must be reported. We propose a generic compile-time loop hardening scheme based on the duplication of termination conditions and of the computations involved in the evaluation of such conditions. We also investigate how to preserve the security property along the compilation flow while enabling aggressive optimizations. We implemented this algorithm in LLVM 4.0 at the Intermediate Representation (IR) level in the backend. On average, the compiler automatically hardens 95% of the sensitive loops of typical security benchmarks, and 98% of these loops are shown to be robust to simulated faults. Performance and code size overhead remain quite affordable, at 12.5% and 14%, respectively.<\/jats:p>","DOI":"10.1145\/3141234","type":"journal-article","created":{"date-parts":[[2017,12,6]],"date-time":"2017-12-06T21:23:15Z","timestamp":1512595395000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["Compiler-Assisted Loop Hardening Against Fault Attacks"],"prefix":"10.1145","volume":"14","author":[{"given":"Julien","family":"Proy","sequence":"first","affiliation":[{"name":"INVIA, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Karine","family":"Heydemann","sequence":"additional","affiliation":[{"name":"Sorbonne Universit\u00e9s, UPMC Univ Paris 06, CNRS, LIP6, Paris, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexandre","family":"Berzati","sequence":"additional","affiliation":[{"name":"INVIA, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Albert","family":"Cohen","sequence":"additional","affiliation":[{"name":"INRIA and DI, \u00c9cole Normale Sup\u00e9rieure, Paris, France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,12,5]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2463209.2488833"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2011.9"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2005.862424"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1873548.1873555"},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2858930.2858931"},{"key":"e_1_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660304"},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2013.219"},{"key":"e_1_2_2_9_1","volume-title":"International Symposium on Electromagnetic Compatibility. 318--321","author":"Bhasin S.","unstructured":"S. Bhasin , P. Maistri , and F. Regazzoni . 2014. Malicious wave: A survey on actively tampering using electromagnetic glitch . In International Symposium on Electromagnetic Compatibility. 318--321 . S. Bhasin, P. Maistri, and F. Regazzoni. 2014. Malicious wave: A survey on actively tampering using electromagnetic glitch. In International Symposium on Electromagnetic Compatibility. 318--321."},{"key":"e_1_2_2_10_1","volume-title":"Bellare (Ed.)","volume":"1880","author":"Biehl I.","unstructured":"I. Biehl , B. Meyer , and V. M\u00fcller . 2000. Differential fault attacks on elliptic curve cryptosystems. In Advances in Cryptology (CRYPTO 2000) (LNCS), M . Bellare (Ed.) , Vol. 1880 . Springer, 131--146. I. Biehl, B. Meyer, and V. M\u00fcller. 2000. Differential fault attacks on elliptic curve cryptosystems. In Advances in Cryptology (CRYPTO 2000) (LNCS), M. Bellare (Ed.), Vol. 1880. Springer, 131--146."},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/s001450010016"},{"key":"e_1_2_2_12_1","unstructured":"Common Criteria. Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 5. Common Criteria. Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 5."},{"key":"e_1_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2689702.2689708"},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-015-0282-0"},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40026-1_2"},{"key":"e_1_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71039-4_7"},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03944-7_6"},{"key":"e_1_2_2_18_1","volume-title":"FISSC: A fault injection and simulation secure collection. In SAFECOMP. 3--11.","author":"Dureuil L.","year":"2016","unstructured":"L. Dureuil , G. Petiot , M.-L. Potet , T.-H. Le , A. Crohen , and P. de Choudens . 2016 . FISSC: A fault injection and simulation secure collection. In SAFECOMP. 3--11. L. Dureuil, G. Petiot, M.-L. Potet, T.-H. Le, A. Crohen, and P. de Choudens. 2016. FISSC: A fault injection and simulation secure collection. In SAFECOMP. 3--11."},{"key":"e_1_2_2_19_1","volume-title":"Zhou (Eds.)","volume":"2846","author":"Dusart P.","unstructured":"P. Dusart , G. Letourneux , and O. Vivolo . 2003. Differential fault analysis on AES. In Applied Cryptography and Network Security (ACNS\u201903) (LNCS), M. Yung, Y. Han, and J . Zhou (Eds.) , Vol. 2846 . Springer, 293--306. P. Dusart, G. Letourneux, and O. Vivolo. 2003. Differential fault analysis on AES. In Applied Cryptography and Network Security (ACNS\u201903) (LNCS), M. Yung, Y. Han, and J. Zhou (Eds.), Vol. 2846. Springer, 293--306."},{"key":"e_1_2_2_20_1","volume-title":"What About Vulnerability to a Fault Attack of the Miller\u2019s Algorithm During an Identity Based Protocol? Springer","author":"Mrabet Nadia El","unstructured":"Nadia El Mrabet . 2009. What About Vulnerability to a Fault Attack of the Miller\u2019s Algorithm During an Identity Based Protocol? Springer , Berlin , 122--134. Nadia El Mrabet. 2009. What About Vulnerability to a Fault Attack of the Miller\u2019s Algorithm During an Identity Based Protocol? Springer, Berlin, 122--134."},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08867-9_8"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/1128020.1128563"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1186736.1186737"},{"key":"e_1_2_2_24_1","unstructured":"G. Holloway and M. D. Smith. 2000. An Extender\u2019s Guide to the Optimization Programming Interface and Target Descriptions. The Machine-SUIF documentation set. Technical Report. Harvard University. G. Holloway and M. D. Smith. 2000. An Extender\u2019s Guide to the Optimization Programming Interface and Target Descriptions. The Machine-SUIF documentation set. Technical Report. Harvard University."},{"key":"e_1_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2012.2231707"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2007.8"},{"key":"e_1_2_2_27_1","volume-title":"LNCS","volume":"1666","author":"Kocher Paul","year":"1999","unstructured":"Paul Kocher , Joshua Jaffe , and Benjamin Jun . 1999 . Differential power analysis. In Advances in Cryptology \u2014 CRYPTO\u201999 . LNCS , Vol. 1666 . Springer, 388--397. Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Advances in Cryptology \u2014 CRYPTO\u201999. LNCS, Vol. 1666. Springer, 388--397."},{"key":"e_1_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11212-1_12"},{"key":"e_1_2_2_29_1","volume-title":"International Symposium on Code Generation and Optimization. 75--86","author":"Lattner C.","unstructured":"C. Lattner and V. Adve . 2004. LLVM: A compilation framework for lifelong program analysis & transformation . In International Symposium on Code Generation and Optimization. 75--86 . C. Lattner and V. Adve. 2004. LLVM: A compilation framework for lifelong program analysis & transformation. In International Symposium on Code Generation and Optimization. 75--86."},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2013.9"},{"key":"e_1_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-014-0077-7"},{"key":"e_1_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33027-8_4"},{"key":"e_1_2_2_35_1","unstructured":"S. S. Muchnick. 1997. Advanced Compiler Design & Implementation. Morgan Kaufmann. S. S. Muchnick. 1997. Advanced Compiler Design & Implementation. Morgan Kaufmann."},{"key":"e_1_2_2_36_1","volume-title":"A New Attack against Khazad","author":"Muller Fr\u00e9d\u00e9ric","unstructured":"Fr\u00e9d\u00e9ric Muller . 2003. A New Attack against Khazad . Springer , Berlin , 347--358. Fr\u00e9d\u00e9ric Muller. 2003. A New Attack against Khazad. Springer, Berlin, 347--358."},{"key":"e_1_2_2_37_1","volume-title":"Buffer overflow attack with multiple fault injection and a proven countermeasure. Journal of Cryptographic Engineering","author":"Nashimoto Shoei","year":"2016","unstructured":"Shoei Nashimoto , Naofumi Homma , Yu-ichi Hayashi, Junko Takahashi , Hitoshi Fuji , and Takafumi Aoki . 2016. Buffer overflow attack with multiple fault injection and a proven countermeasure. Journal of Cryptographic Engineering ( 2016 ). Shoei Nashimoto, Naofumi Homma, Yu-ichi Hayashi, Junko Takahashi, Hitoshi Fuji, and Takafumi Aoki. 2016. Buffer overflow attack with multiple fault injection and a proven countermeasure. Journal of Cryptographic Engineering (2016)."},{"key":"e_1_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/24.994926"},{"key":"e_1_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/24.994913"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2015.9"},{"key":"e_1_2_2_41_1","doi-asserted-by":"crossref","unstructured":"S. Ordas L. Guillaume-Sage K. Tobich J.-M. Dutertre and P. Maurine. 2015. Evidence of a Larger EM-Induced Fault Model. Springer 245--259. S. Ordas L. Guillaume-Sage K. Tobich J.-M. Dutertre and P. Maurine. 2015. Evidence of a Larger EM-Induced Fault Model. Springer 245--259.","DOI":"10.1007\/978-3-319-16763-3_15"},{"key":"e_1_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2006.134"},{"key":"e_1_2_2_43_1","doi-asserted-by":"crossref","unstructured":"C. Patrick B. Yuce N. F. Ghalaty and P. Schaumont. 2016. Lightweight fault attack resistance in software using intra-instruction redundancy. In Selected Areas in Cryptography (SAC). C. Patrick B. Yuce N. F. Ghalaty and P. Schaumont. 2016. Lightweight fault attack resistance in software using intra-instruction redundancy. In Selected Areas in Cryptography (SAC).","DOI":"10.1007\/978-3-319-69453-5_13"},{"key":"e_1_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/316686.316687"},{"key":"e_1_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2005.34"},{"key":"e_1_2_2_46_1","unstructured":"J\u00f6rn-Marc Schmidt and Michael Hutter. 2013. The temperature side channel and heating fault attacks. In CARDIS. J\u00f6rn-Marc Schmidt and Michael Hutter. 2013. The temperature side channel and heating fault attacks. In CARDIS."},{"key":"e_1_2_2_47_1","volume-title":"2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 25--35","author":"Timmers N.","unstructured":"N. Timmers , A. Spruyt , and M. Witteman . 2016. Controlling PC on ARM using fault injection . In 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 25--35 . N. Timmers, A. Spruyt, and M. Witteman. 2016. Controlling PC on ARM using fault injection. In 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 25--35."},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-31271-2_10"},{"key":"e_1_2_2_49_1","volume-title":"2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 47--58","author":"Yuce B.","unstructured":"B. Yuce , N. F. Ghalaty , H. Santapuri , C. Deshpande , C. Patrick , and P. Schaumont . 2016. Software fault resistance is futile: Effective single-glitch attacks . In 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 47--58 . B. Yuce, N. F. Ghalaty, H. Santapuri, C. Deshpande, C. Patrick, and P. Schaumont. 2016. Software fault resistance is futile: Effective single-glitch attacks. In 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). 47--58."}],"container-title":["ACM Transactions on Architecture and Code Optimization"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3141234","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3141234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:37:13Z","timestamp":1750217833000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3141234"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,5]]},"references-count":47,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,12,31]]}},"alternative-id":["10.1145\/3141234"],"URL":"https:\/\/doi.org\/10.1145\/3141234","relation":{},"ISSN":["1544-3566","1544-3973"],"issn-type":[{"value":"1544-3566","type":"print"},{"value":"1544-3973","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,12,5]]},"assertion":[{"value":"2017-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}